CVE-2024-46798

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's ASoC (ALSA System on Chip) DAPM (Dynamic Audio Power Management) component. When a system with specific kernel configurations is suspended, a freed 'snd_soc_pcm_runtime' object can be accessed, potentially leading to kernel crashes or arbitrary code execution. This affects Linux systems with ALSA audio subsystems, particularly those using specific kernel configurations.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions before the fix commits (check git references for exact ranges)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Requires specific kernel configurations: CONFIG_KASAN=y, CONFIG_KASAN_GENERIC=y, CONFIG_KASAN_INLINE=y, CONFIG_KASAN_VMALLOC=y, CONFIG_FRAME_WARN=4096. However, the underlying bug exists regardless of KASAN configuration.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential arbitrary code execution with kernel privileges resulting in complete system compromise.

🟠

Likely Case

System instability or crash during suspend/resume cycles, potentially causing denial of service.

🟢

If Mitigated

System remains stable if vulnerable code path isn't triggered or if proper kernel hardening is in place.

🌐 Internet-Facing: LOW - This vulnerability requires local access to trigger and is not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger this vulnerability, leading to system instability or privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires specific system state (suspend) and configurations to trigger reliably.

Exploitation requires local access and triggering of the suspend functionality. The vulnerability was discovered through KASAN detection during normal system operation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 3033ed903b4f28b5e1ab66042084fbc2c48f8624, 5d13afd021eb43868fe03cef6da34ad08831ad6d, 6a14fad8be178df6c4589667efec1789a3307b4e, 8ca21e7a27c66b95a4b215edc8e45e5d66679f9f, 993b60c7f93fa1d8ff296b58f646a867e945ae89

Vendor Advisory: https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable system suspend

linux

Prevent system from entering suspend state where vulnerability is triggered

systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

Disable KASAN configurations

linux

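Remove the KASAN kernel configurations that detect and report the use-after-free. As the Notes under Affected Systems state, the underlying bug exists regardless of KASAN configuration, so this removes the KASAN report, not the bug itself.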

Rebuild kernel without CONFIG_KASAN, CONFIG_KASAN_GENERIC, CONFIG_KASAN_INLINE, CONFIG_KASAN_VMALLOC

🧯 If You Can't Patch

  • Restrict local user access to prevent potential exploitation
  • Monitor system logs for kernel panic or crash events related to suspend operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and configuration: run uname -r, then check /boot/config-$(uname -r) for the KASAN settings listed under Affected Systems.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version contains fix commits (run from a git checkout of the kernel source the running kernel was built from): git log --oneline | grep -E '3033ed9|5d13afd|6a14fad|8ca21e7|993b60c'

📡 Detection & Monitoring

Log Indicators:

  • KASAN use-after-free reports in kernel logs
  • System crashes during suspend/resume cycles
  • Kernel panic messages

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("KASAN: use-after-free" OR "snd_pcm_suspend_all" OR "snd_soc_suspend")
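
The same indicators can be checked locally on a host that does not forward kernel logs to a SIEM. The script below is an added example, not part of the advisory or the kernel project; it goes beyond the query by ranking hits, and the "slab-" variant of the KASAN string, the 40-line report window and all sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): triage kernel log text for the
# indicators named in the SIEM query above.

# Strings from the page's query. "(slab-)?" is an added widening for the
# "slab-use-after-free" wording that newer kernels print.
KASAN_RE='KASAN: (slab-)?use-after-free'
SYMBOL_RE='snd_pcm_suspend_all|snd_soc_suspend'

# Print every stdin line that matches any indicator (the query's OR clause).
match_indicators() {
    grep -E "$KASAN_RE|$SYMBOL_RE"
}

# Classify stdin as:
#   high   - an ASoC suspend symbol appears within 40 lines of a KASAN
#            use-after-free header (40 is an assumed report length)
#   review - only one kind of indicator was seen
#   none   - no indicator
triage_kernel_log() {
    awk -v kasan_re="$KASAN_RE" -v sym_re="$SYMBOL_RE" '
        $0 ~ kasan_re { kasan = 1; window = 40 }
        $0 ~ sym_re   { sym = 1; if (window > 0) linked = 1 }
        window > 0    { window-- }
        END {
            if (linked)            print "high"
            else if (kasan || sym) print "review"
            else                   print "none"
        }'
}

# Constructed sample input (timestamps and offsets are made up).
sample_uaf_log() {
cat <<'EOF'
[  100.000001] PM: suspend entry (deep)
[  100.000002] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x0/0x0
[  100.000003] Call Trace:
[  100.000004]  snd_soc_suspend+0x0/0x0
EOF
}

sample_symbol_only_log() {
    echo '[  300.000001]  snd_soc_suspend+0x0/0x0'
}

sample_clean_log() {
    echo '[  200.000001] PM: suspend entry (deep)'
}
```

After sourcing the file, pipe real kernel log text into triage_kernel_log, for example the output of journalctl -k or dmesg. A "review" result means a symbol or a KASAN header appeared alone, which also happens in traces unrelated to this CVE.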
